sp_Blitz - Skip checks where the login doesn’t have enough permissions #3292

Closed
erikdarlingdata opened this issue Jun 26, 2023 · 1 comment · Fixed by #3300

Comments

@erikdarlingdata
Contributor

Is your feature request related to a problem? Please describe.
I’m doing some work in a high security environment where most checks run but some things like hitting sys.traces and DBCC commands fail, etc.

Describe the solution you'd like
Check to see if the user is a sysadmin/has access to view traces before running some checks.

Describe alternatives you've considered
Embarrassment

Are you ready to build the code for the feature?
Yep, have a prototype 😮‍💨

@erikdarlingdata erikdarlingdata self-assigned this Jun 26, 2023
erikdarlingdata added a commit to erikdarlingdata/SQL-Server-First-Responder-Kit that referenced this issue Jul 2, 2023
Closes BrentOzarULTD#3292

This feels like a somewhat naïve set of checks. I don't know a ton about security.

It may clash when someone uses `EXECUTE AS` or signs the procedure for execution for lower-privileged users.

It's also incomplete at the moment, because I need to round up commands that touch system databases we may not have read permissions in.

I fully expect this to get rejected, but it got me error-free runs in a tightly locked down SQL Server environment.

If anyone has feedback, I'm happy to take it.
@BrentOzar
Member

Thanks for the pull request! Made a couple tweaks, tested it on SQL Server 2022 as SA, and on an AWS RDS instance with the default sysadmin account, and works with the same result sets. I didn't try restricting permissions, but this is a good place to start.
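
The permission gate requested in this issue, sketched in T-SQL as an added example that is not part of the thread and not sp_Blitz's own code: it pre-checks the login's rights before touching `sys.traces`, and still traps permission errors at run time. The `@Skipped` table, variable names and check names are hypothetical.

```sql
-- Added example; @Skipped and the variable names are hypothetical, not sp_Blitz's own.
-- IS_SRVROLEMEMBER and HAS_PERMS_BY_NAME evaluate the current execution context,
-- so under EXECUTE AS they describe the impersonated principal, not the caller.
SET NOCOUNT ON;

DECLARE @IsSysadmin   bit = CASE WHEN IS_SRVROLEMEMBER(N'sysadmin') = 1 THEN 1 ELSE 0 END;
DECLARE @CanSeeTraces bit = CASE WHEN HAS_PERMS_BY_NAME(NULL, NULL, N'ALTER TRACE') = 1 THEN 1 ELSE 0 END;
DECLARE @Skipped TABLE (CheckName sysname NOT NULL, Reason nvarchar(2048) NOT NULL);

-- Check: default trace. Gate on the permission up front...
IF @IsSysadmin = 1 OR @CanSeeTraces = 1
BEGIN
    BEGIN TRY
        SELECT t.id, t.path, t.max_size, t.is_rollover
        FROM sys.traces AS t
        WHERE t.is_default = 1;
    END TRY
    BEGIN CATCH
        -- ...and still trap permission errors the pre-check did not predict
        -- (229 = permission denied on an object, 297 = no permission for the action).
        -- Anything else is a real failure and is re-raised.
        IF ERROR_NUMBER() NOT IN (229, 297) THROW;
        INSERT @Skipped (CheckName, Reason)
        VALUES (N'Default trace', ERROR_MESSAGE());
    END CATCH;
END
ELSE
BEGIN
    INSERT @Skipped (CheckName, Reason)
    VALUES (N'Default trace', N'Login lacks ALTER TRACE and is not a sysadmin');
END;

-- Checks that need sysadmin (for example DBCC-based ones) are recorded as
-- skipped instead of being attempted by a lower-privileged login.
IF @IsSysadmin = 0
BEGIN
    INSERT @Skipped (CheckName, Reason)
    VALUES (N'sysadmin-only DBCC checks', N'Login is not a member of sysadmin');
END;

-- Report what was skipped so a clean run is not mistaken for a complete one.
SELECT CheckName, Reason FROM @Skipped;
```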
